Cyber Attacks, Threats, and Vulnerabilities
Microsoft: Patch your Exchange servers, they're under attack (ZDNet) What attacker needs to risk burning a zero-day flaw when targets leave critical Exchange bugs unpatched for months?
The cyber honey trap that caught out Beijing (Australian Financial Review) The inside story of the new front line in China's escalating cyber offensive and its most notorious hacking group, Stone Panda.
Hackers hide Magecart script in favicon image's EXIF data to steal credit card details (Computing) The EXIF format lets people store interchange information in digital photography image files that use JPEG compression.
Credit card skimmers are now being buried in image file metadata on e-commerce websites | ZDNet (ZDNet) Magecart attackers are suspected of using an interesting technique to steal your financial data.
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files (Malwarebytes Labs) This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files. We analyze the threat.
Threat Alert: DzMLT has Hidden Cryptominers in Container Images (Aquasec) We discovered an infrastructure of container images in Docker Hub containing Potentially Unwanted Application, designed to evade detection by static scanners
'GoldenSpy' Malware Hidden In Chinese Tax Software (SecurityWeek) A newly identified piece of malware is being distributed embedded in tax payment software that some businesses operating in China are required to install
Spyware in Chinese software likely placed by nation-state, say experts (NBC News) The malware's sophistication, and the lack of an obvious quick payoff, seems to show it was planted by a nation-state, says cybersecurity firm Trustwave.
The Golden Tax Department and the Emergence of GoldenSpy Malware (Trustwave) Trustwave SpiderLabs has discovered a new malware family, dubbed GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China. See Full Investigation.
The Golden Tax Department and Emergence of GoldenSpy Malware (Trustwave) Trustwave SpiderLabs threat hunting experts investigate a malware campaign targeting corporations operating in China.
Russian Criminal Group Finds New Target: Americans Working at Home (New York Times) A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.
Attackers Cryptojacking Docker Images to Mine for Monero (Unit42) We identified a malicious Docker Hub account that was hosting six malicious images intended to mine the cryptocurrency, Monero.
Ransomware Operators Claim They Hacked LG (SecurityWeek) The cybercriminals behind the Maze ransomware claim they hacked LG and obtained highly sensitive information.
A domestic violence help app backed by Dr. Phil exposed victims’ distress recordings (TechCrunch) Exclusive: Thousands of victims' distress recordings were stored on a cloud server without a password.
Report: Domestic Abuse Prevention App Exposes Victims in Massive Data Breach (vpnMentor) vpnMentor’s research team, led by renowned analysts Noam Rotem and Ran Locar, recently discovered an incredibly sensitive data breach originating from the
FBI warns K12 schools of ransomware attacks via RDP (ZDNet) The FBI has issued a security alert warning K12 schools of the "ransomware threat" during the COVID-19 pandemic.
Hackers dump trove of IndiaBulls data as first ransom deadline ends (Hindustan Times) The data dump came at the end of a 24-hour deadline and was followed by a threat to leak another tranche of sensitive information, Singapore-based Cyble said, identifying the alleged hackers as a group deploying what is known as the CL0P ransomware.
Rockwell FactoryTalk View SE (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Low skill level to exploit
Vendor: Rockwell Automation
Equipment: FactoryTalk View SE
Vulnerabilities: Cleartext Storage of Sensitive Information, Weak Encoding for Password
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to unauthorized access to server data.
Philips Ultrasound Systems (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 3.6
Vendor: Philips
Equipment: Ultrasound ClearVue, Ultrasound CX, Ultrasound EPIQ/Affiniti, Ultrasound Sparq, Ultrasound Xperius
Vulnerability: Authentication Bypass Using an Alternate Path or Channel
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow a non-authenticated attacker to view or modify information.
Rockwell FactoryTalk Services Platform XXE (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.4
ATTENTION: Low skill level to exploit
Vendor: Rockwell Automation
Equipment: FactoryTalk Services Platform
Vulnerability: Improper Restriction of XML External Entity Reference
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to a denial-of-service condition and to the arbitrary reading of any local file via system level services.
ENTTEC Lighting Controllers (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendor: ENTTEC
Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2
Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control, Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Ex-Soviet Bioweapons Labs Are Fighting COVID-19. Moscow Doesn’t Like It. (Foreign Policy) One of the greatest achievements of U.S. foreign policy has been targeted by a vicious disinformation campaign.
Inside the Social Media Cult That Convinces Young People to Give Up Everything (Medium) The DayLife Army always seemed like a troll. Then it became a nightmare.
A million phishing reports sent to NCSC service in two months (SC Magazine) The Suspicious Email Reporting Service has received more than a million reports of scam emails, National Cyber Security Centre announces.
MorganAsh cyber attack: L&G to underwrite lifetime annuities directly (Cover Magazine) Insurer has replaced MorganAsh service with ‘suitable interim alternative’ following cyber attack
Lion gets breweries up and running following ransomware attack (ZDNet) But the beverage giant cannot confirm that data won't eventually make its way out into the wild, despite not finding any evidence of it being removed.
Security Patches, Mitigations, and Software Updates
Patch time! NVIDIA fixes kernel driver holes on Windows and Linux (Naked Security) Kernel driver bugs often let crooks take over your entire system from even the weediest foothold.
TikTok to stop snooping on users' clipboards after iPhone update shows app constantly reads copied text (The Telegraph) A security patch from Apple has suddenly exposed just how many smartphone apps are reading users' clipboards every time they are on screen
Cyber Trends
Sponsored content: What treadmills tell us about the state of the office during Covid-19. (The CyberWire) (This article was contributed and sponsored by Extrahop.) Everything from IP phones to printers to treadmills in your office gym connect to a network somewhere—except now there’s nobody in the building to turn them off. A recent security report from ExtraHop did find that most businesses remembered to shut down the exercise equipment when shuttering their doors in an attempt to slow the spread of COVID-19, but can the same be said for other connected devices?
Hospitals Scramble to Adapt Security Measures Amid Cyberattacks (Wall Street Journal) Hackers are attempting to gain access to hospital financial networks and medical records on a huge scale, hospital security chiefs say.
NetMotion finds that remote employees are dangerously exposed to risky content (NetMotion Software) NetMotion used anonymized data to see whether remote workers put themselves at risk by clicking on risky content links. Here are the results.
New LastPass Study Finds Identity and Access Management is Critical to Securing a Remote Workforce (The LastPass Blog) Identity and access management (IAM) technologies securely connect the right employees to the right business resources at the right time. IAM protects the business while keeping employees securely connected, but...
Which Device will be YOUR weakest link this year? (Forescout) Discusses the key findings from the annual device cloud report. Should be broken into the sections of Risk Exposure, Riskiest Devices and Recommendations
Snyk State of Open Source Security Report Reveals Vulnerabilities Down as Cybersecurity Responsibilities Are More Effectively Shared Across Teams (PR Newswire) Snyk, the leader in developer-first security, released its annual State of Open Source Security Report for 2020 today. The study found new...
Four in ten security professionals admit half of cyberattacks have successfully bypassed their Web Application Firewall defences (IT Supply Chain) Neustar, Inc., a global information services and technology company...
Nearly half of UK businesses admit current cyber security policies are not fit for home-working (Centrify) Almost half (48 per cent) of business decision makers have admitted that their existing cyber security policies are currently not suitable for maintaining a 100 per cent remote working model.
Marketplace
The 10 biggest cyber security acquisitions of 2020 (so far) (CRN) A leg up on the competition
HelpSystems Acquires Leading Data Classification Providers to Bolster Security Business (HelpSystems) Canada-based Titus and UK-based Boldon James join to create top platform in data classification software
Qinetiq disposes of Boldon James (BOLSAMANIA) Science and engineering group Qinetiq agreed to dispose of software company Boldon James on Thursday.
Belgium-based ethical hacking platform Intigriti raises €4 million to grow internationally (EU-Startups) Europe’s leading crowdsourced cybersecurity firm Intigriti has announced that it has raised €4.1 million in its Series A round, led by European-based venture capital firm ETF Partners. ETF partner Remy de Tonnac (previously CEO of Gemalto/INSIDE Secure) will join the board of directors. The investmen
Apple Acquires Device Management Company Fleetsmith (SecurityWeek) Apple has acquired Fleetsmith, a company that specializes in solutions that automate the setup, patching and security of Macs, iPhones, iPads and Apple TV devices
Salesforce invests in security software provider Tanium at $9 billion valuation (CNBC) Salesforce Ventures, one of the most active corporate venture groups in tech, is investing in Tanium as part of a strategic tie-up between the two companies.
Facebook Looks to Contain Advertising Boycott Over Hate Speech (Wall Street Journal) Facebook is working to persuade its top advertisers not to pause spending on the social network, as it tries to keep a boycott from a handful of marketers from turning into a widespread revolt.
Facebook faces snowballing boycott from advertisers over content moderation (The Telegraph) The social network is being targeted by groups unhappy with its record on racism and violence. But how effective will their boycott be?
Verizon is pulling advertising from Facebook and Instagram (CNBC) Verizon says it is pulling advertising on Facebook until the company "can create an acceptable solution that makes us comfortable."
ZeroFOX Awarded as Technology Pioneer by World Economic Forum (Yahoo) ZeroFOX was selected out of hundreds of candidates as one of the World Economic Forum’s "Technology Pioneers".
Second Annual Cybersecurity Impact Awards Announces Honorees (BusinessWire) The 2nd Annual Cybersecurity Impact Awards announced that its independent panel of judges has identified and is recognizing honorees.
National Integrated Cyber Education Research Center Unveils Rebrand to CYBER.ORG (BusinessWire) The National Integrated Cyber Education Research Center (NICERC) today announced the organization’s rebrand to CYBER.ORG, unveiling a new website, log
Arkose Labs Hires Web Security Product Expert David Senecal (MarTech Series) Arkose Labs, provider of online fraud and abuse prevention technology, announced another addition to its leadership team.
Sharks and Santa Clara County Host Free COVID-19 Testing at SAP Center (NHL.com) San Jose Sharks and the County of Santa Clara to host free COVID-19 walk-up testing at SAP Center at San Jose on June 23-27.
Products, Services, and Solutions
KnowBe4’s New CEO Fraud Prevention Manual Now Available (GlobeNewswire) Manual to help security professionals stay better protected from CEO fraud
Veea Brings Enterprise-Grade Security to SMB/SMEs and IoT with New vTPN Security Edge Service (PR Newswire) Veea Inc., a pioneer in smart edge connectivity and computing, today announced the availability of their Virtual Trusted Private Network (vTPN)...
King & Union and DarkOwl Unite to Provide Fractional Access to Searchable Darknet Data (King & Union) DarkOwl Brings World’s Largest Database of Darknet Content to King & Union Avalon Cyber Analysis Platform Customers
Pulse Secure and Gigamon Partnership Strengthens Secure Access from Any Device as Market Demand for Zero Trust Network Access Grows (GlobeNewswire) New certified integration enhances on-premises access visibility and User and Entity Behavior Analytics (UEBA) capabilities
SaltStack Releases SaltStack Enterprise 6.3 (SaltStack) New integrations with Splunk, Tenable, Qualys, Rapid7, and Kenna Security deliver automated security for digital business
Okta, CrowdStrike, Netskope, and Proofpoint Join Together to Secure Remote Work (BusinessWire) Okta, Inc. (NASDAQ:OKTA), CrowdStrike, Inc. (NASDAQ: CRWD), Netskope, and Proofpoint, Inc. (NASDAQ: PFPT) today announced the companies are coordinati
Technologies, Techniques, and Standards
SOAR Is DevSecOps (RSA Conference) In 2016, I was convinced that DevSecOps was the way forward for the network defenders of the world to secure its infrastructure and its applications. Two books convinced me that it was so: Gene Kim’s famous novel, The Phoenix Project, and Google’s Site Reliability Engineering.
Core cybersecurity principles for new companies and products (Help Net Security) A new World Economic Forum report outlines core cybersecurity principles and points to how companies must reduce cyber risk to remain competitive.
There is no cybersecurity silver bullet (TechRadar) There's no single cybersecurity solution
Non-Human Identities: The New Blindspot in Cybersecurity (SecurityWeek) Enterprises should look to implement a dynamic password model that when combined with a least privilege approach minimizes the risk of identity-related breaches.
US Cybercom virtual war game girds against increased threats (Washington Post) A top U.S. military cyber official says foreign hackers are taking advantage of the coronavirus pandemic to undermine institutions and threaten critical infrastructure
This training tool could be the answer to stop mass cyberattacks (C4ISRNET) At air bases across Europe, networks are under attack. But cyber operators from around the world are on the case.
Design and Innovation
Facebook will show users a pop-up warning before they share an outdated story (TechCrunch) Facebook announced Thursday that it would introduce a notification screen warning users if they try to share content that’s more than 90 days old. They’ll be given the choice to “go back” or to click through if they’d still like to share the story knowing that it isn…
Marred by garbage: Striking a balance for security data (Help Net Security) One of the most central questions is how much data is enough? What is the correct balance? Niagara Network explains in detail.
Research and Development
Quantum entanglement demonstrated aboard orbiting CubeSat: Advance poised to enable cost-effective space-based global quantum network for secure communications and more (ScienceDaily) In a critical step toward creating a global quantum communications network, researchers have generated and detected quantum entanglement onboard a CubeSat nanosatellite weighing less than 2.6 kilograms and orbiting the Earth.
Legislation, Policy, and Regulation
Bid to keep Huawei out of 5G trials (Telegraph) DoT panel to review participation of Chinese companies
Japan Plans National Champion to Challenge Huawei (Wall Street Journal) Japan’s top telecommunications company is taking a $600 million stake in a leading telecoms hardware maker, seeking to build a national champion that can take business from China’s Huawei Technologies Co.
Huawei's new chip research facility in Britain gets the green light (CNBC) South Cambridgeshire District Council approved the first phase of construction of Huawei's planned R&D center, which the company intends to use to build state-of-the-art chips.
White House Considers Broad Federal Intervention to Secure 5G Future (Wall Street Journal) The Trump administration has discussed a range of strategies to counter Huawei’s growth and put more American muscle into the competition against the Chinese telecom giant, including by prodding large U.S. technology companies to acquire Ericsson or Nokia.
Analysis | The Cybersecurity 202: Democrats and Republicans unite to push for a new cybersecurity czar (Washington Post) The new White House position would coordinate cybersecurity policy across the government.
RGS opposes Lawful Access to Encrypted Data Act (Reform Government Surveillance) The Reform Government Surveillance coalition strongly opposes the Lawful Access to Encrypted Data Act. This bill would require companies to build encryption backdoors that would jeopardize the sensitive data of our billions of users and the security of our products and services. It would leave all Americans, businesses, and government agencies dangerously exposed to cyber threats from criminals and foreign adversaries, and make us all less safe.
Lawmakers call for cyber leadership as they introduce bill that would create White House post (CyberScoop) After then-national security adviser John Bolton eliminated the position of White House cybersecurity coordinator in the spring of 2018, Democratic lawmakers quickly introduced a bill to restore the position, arguing that it was crucial for the White House to show leadership on the issue.
Social Media’s Misinformation Mismatch (Medium) Social media companies are taking a far more aggressive approach to content moderation for COVID-19 than political misinformation.
Analysis | Harry Reid’s latest dubious claim about elections (Washington Post) The Democratic former Senate majority leader has boasted about spreading misinformation ahead of a presidential election. He’s back with another unproven claim.
Almost 17,000 Protesters Had No Idea A Tech Company Was Tracing Their Location (BuzzFeed News) Data company Mobilewalla used cellphone information to estimate the demographics of protesters. Sen. Elizabeth Warren says it’s “shady” and concerning.
US government broadcasters have long advanced the cause of freedom. Now they’re under threat (Atlantic Council) A government threatening the independence of journalists is the kind of story Voice of America used to cover. Now VOA is on the other end of the sword.
‘Lightning in her veins’: How Katie Arrington is convincing defense contractors to love cybersecurity (C4ISRNET) Katie Arrington is leading the Pentagon's overhaul of cybersecurity requirements for defense contractors. Now she has to convince 300,000 companies to follow them.
Navigating the CCPA – What you need to know before July 1 (Security Info Watch) 7 facts all cybersecurity and compliance executives should know
Calif. Privacy Law Revision To Appear On Nov. Ballots (Law360) California residents will soon have a chance to vote on a proposal to strengthen the state's landmark consumer privacy law, with the secretary of state announcing Thursday that the backers of the California Privacy Rights Act had gathered enough signatures to qualify the measure for November's general election ballot.
Litigation, Investigation, and Law Enforcement
Trudeau rejects calls to release Huawei executive (BBC News) The PM is under pressure to release Meng Wanzhou in order to help free two detained Canadians.
The Law of Classified Information: A Primer (Lawfare) How the U.S. government regulates its secrets.
New Charges, Sentencing in Satori IoT Botnet Conspiracy (KrebsOnSecurity) The U.S. Justice Department today criminally charged a Canadian and a Northern Ireland man for allegedly conspiring to build multiple botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced to drug…
Man sentenced, two others charged, in connection with Satori IoT... (HOTforSecurity) A 22-year-old man from Vancouver, Washington, has been sentenced to a US federal prison for his role in the development of the Satori botnet, which launched distributed denial-of-service (DDoS) attacks from hijacked IoT devices. The Satori botnet, based upon similar code to the...
NSO Group Says WhatsApp Can't Get Injunction Over Hacking (Law360) NSO Group has urged a California federal judge to deny Facebook-owned WhatsApp's bid to permanently bar the Israeli spyware company from using or "interfering" with the social media platforms, as the messaging app accuses NSO Group of hacking its users.
Australian Politician’s Home Raided in Chinese Influence Inquiry (New York Times) The case is the first high-profile criminal investigation of Chinese influence peddling to be made public since Australia passed foreign interference laws two years ago.